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WHAT IS CLAIMED IS: 

L A method for rollover of cryptographic keys during operation of a computer system, the 
method comprising the steps of: 
5 (a) providing an old set of cryptographic keys; 

(b) checking with a key repository to determine if a certificate re-issuance is 
necessary, meanwhile maintaining the availability of the old set of cryptographic keys; 

(c) performing a rollover operation; 

(d) if the rollover operation in step (c) results in new or revised keys, storing the new 
10 or revised keys in a database; and 

(e) if the rollover operation in step (c) results in the new or revised keys, providing 
the new or revised keys to applications that need them when next requested by such appUcations. 

2. The method of claim 1, wherein during step (b) the key repository utilizes one or more 
15 services of a speciaUzed application acting as an extension of the key repository. 

3. The method of claim 2 further comprising the step of: 

(f) if the key repository utilizes the one or more services of the specialized 
apphcation, authenticating authorization of the speciaHzed application to perform those service. 

20 

4. The method of claim 1 being invoked as a result of a command. 

5. The method of claim 1 being invoked as a result of a periodic check which senses that the 
old set of cryptographic keys are approaching expiration. 

25 

6. The method of claim 1 being invoked as a result of sensing an expired key. 
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7. The method as in claim 1, wherein the apphcations are notified of the presence of new 
keys by the Key Repository process. 

8. The method as in claim 1, wherein the applications detect a missing key, and check with 
the Key Repository for that key and, if the missing key has been reissued, the apphcations 
receive a newly-issued key. 

9. The method as in claim 1, wherein the Key Repository process is prompted by the 
applications to invoke the method as a result of the applications detecting a key approaching 
expiration. 

10. The method as in claim 1 , wherein the applications request the Key Repository process to 
provide thereto a new or revised key as a result of the apphcations detecting an expired key. 
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